AuthenticationFilter (JSecurity API 0.9.0-RC2)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

JSecurity

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.jsecurity.web.filter.authc
Class AuthenticationFilter

java.lang.Object
  org.jsecurity.web.servlet.ServletContextSupport
      org.jsecurity.web.servlet.OncePerRequestFilter
          org.jsecurity.web.servlet.AdviceFilter
              org.jsecurity.web.filter.PathMatchingFilter
                  org.jsecurity.web.filter.AccessControlFilter
                      org.jsecurity.web.filter.authc.AuthenticationFilter

All Implemented Interfaces:: Filter, Nameable, PathConfigProcessor

Direct Known Subclasses:: AuthenticatingFilter, PassThruAuthenticationFilter

public abstract class AuthenticationFilter
extends AccessControlFilter
extends AccessControlFilter

Base class for all Filters that require the current user to be authenticated. This class encapsulates the logic of checking whether a user is already authenticated in the system. If the user is not authenticated, we use the template method pattern to delegate the processing of an unauthenticated request to sub classes.

Since:: 0.9
Author:: Allan Ditzel, Jeremy Haile, Les Hazlewood

Field Summary
`static String`	`DEFAULT_SUCCESS_URL`

Fields inherited from class org.jsecurity.web.filter.AccessControlFilter
`DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD`

Fields inherited from class org.jsecurity.web.filter.PathMatchingFilter
`appliedPaths, pathMatcher`

Fields inherited from class org.jsecurity.web.servlet.OncePerRequestFilter
`ALREADY_FILTERED_SUFFIX, filterConfig`

Fields inherited from class org.jsecurity.web.servlet.ServletContextSupport
`HTTP_SESSION_MODE, JSECURITY_SESSION_MODE, SESSION_MODE_CONTEXT_PARAM_NAME`

Constructor Summary
`AuthenticationFilter()`

Method Summary
`protected String`	`getSuccessUrl()`
`protected boolean`	`isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)` Determines whether the current subject is authenticated.
`protected void`	`issueSuccessRedirect(ServletRequest request, ServletResponse response)`
`void`	`setSuccessUrl(String successUrl)` Sets the success URL that is the default location a user is sent to after logging in when `issueSuccessRedirect(javax.servlet.ServletRequest, javax.servlet.ServletResponse)` is called by subclasses of this filter.

Methods inherited from class org.jsecurity.web.filter.AccessControlFilter
`getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl`

Methods inherited from class org.jsecurity.web.filter.PathMatchingFilter
`getPathWithinApplication, pathsMatch, pathsMatch, preHandle, processPathConfig`

Methods inherited from class org.jsecurity.web.servlet.AdviceFilter
`afterCompletion, cleanup, doFilterInternal, executeChain, postHandle`

Methods inherited from class org.jsecurity.web.servlet.OncePerRequestFilter
`destroy, doFilter, getAlreadyFilteredAttributeName, getFilterConfig, getName, init, onFilterConfigSet, setFilterConfig, setName, shouldNotFilter`

Methods inherited from class org.jsecurity.web.servlet.ServletContextSupport
`bind, getAttribute, getContextInitParam, getServletContext, removeAttribute, setAttribute, setServletContext`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

DEFAULT_SUCCESS_URL

public static final String DEFAULT_SUCCESS_URL

See Also:: Constant Field Values

Constructor Detail

AuthenticationFilter

public AuthenticationFilter()

Method Detail

getSuccessUrl

protected String getSuccessUrl()

setSuccessUrl

public void setSuccessUrl(String successUrl)

Sets the success URL that is the default location a user is sent to after logging in when issueSuccessRedirect(javax.servlet.ServletRequest, javax.servlet.ServletResponse) is called by subclasses of this filter.

Parameters:: successUrl - the success URL to redirect the user to after a successful login.

isAccessAllowed

protected boolean isAccessAllowed(ServletRequest request,
                                  ServletResponse response,
                                  Object mappedValue)

Determines whether the current subject is authenticated.

The default implementation acquires the currently executing Subject and then returns subject.isAuthenticated();

Specified by:: isAccessAllowed in class AccessControlFilter

Parameters:: request - the incoming ServletRequest; response - the outgoing ServletResponse; mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
Returns:: true if the subject is authenticated; false if the subject is unauthenticated

issueSuccessRedirect

protected void issueSuccessRedirect(ServletRequest request,
                                    ServletResponse response)
                             throws Exception

Throws:: Exception